angular.module('web')
  .controller('grantTokenModalCtrl', ['$scope', '$q', '$uibModalInstance','$translate', 'item', 'currentInfo','ramSvs','ossSvs2','AuthInfo','stsSvs','Toast', 'safeApply',
    function ($scope, $q, $modalInstance, $translate, item, currentInfo, ramSvs, ossSvs2, AuthInfo, stsSvs, Toast, safeApply) {
      var T = $translate.instant;
      angular.extend($scope, {
        cancel: cancel,
        policyChange: policyChange,
        onSubmit: onSubmit,
        item: item,
        grant: {
          //privTypes: ['readOnly','all'],
          durSeconds: 3600,
          privType: 'readOnly',
        },
        openExternal: openExternal,
        policyNameReg: /^[a-z0-9A-Z\-]{1,128}$/,
        message5: {
          object: item.name,
          type: item.isBucket?"Bucket":T('folder'),
          privilege: T('privilege.readonly'),
          expiration: '',
        }
      });

      $scope.$watch('grant.privType', function(v){
        $scope.message5.privilege = T('privilege.'+v.toLowerCase());
      });

      init();
      function init(){

        policyChange();
        var ignoreError = true;

        ramSvs.listRoles(ignoreError).then(function(result){
           $scope.roles = result;
        },function(err){
           $scope.roles = [];

          if(err.message.indexOf('You are not authorized to do this action')!=-1){
            Toast.error(T('simplePolicy.noauth.message3')); //'没有权限获取角色列表'
          }
        });
      }

      //Object的读操作包括：GetObject，HeadObject，CopyObject和UploadPartCopy中的对source object的读；
      //Object的写操作包括：PutObject，PostObject，AppendObject，DeleteObject，DeleteMultipleObjects，CompleteMultipartUpload以及CopyObject对新的Object的写。

      function cancel() {
        $modalInstance.dismiss('close');
      }

      function genPolicy(privType) {
        var t = [];

        var actions = [];
        if(privType=='readOnly'){
          actions = [
            'oss:Get*',
            'oss:List*'
          ];
        } else if (privType=='readWrite') {
          actions = [
            'oss:Get*',
            'oss:List*',
            'oss:Put*',
            'oss:DeleteObject',
            'oss:AbortMultipartUpload',
          ];
        } else if (privType=='all') {
          actions = ['oss:*'];
        }


        var item = angular.copy($scope.item);

        if (item.region || item.isFolder) {
          var bucket = item.region ? item.name : currentInfo.bucket;
          var key = item.path||'';
          
          t.push({
            "Effect": "Allow",
            "Action": [
              "oss:ListObjects"
            ],
            "Resource": [
              "acs:oss:*:*:" + bucket
            ],
            "Condition": {
              "StringLike": {
                "oss:Prefix": key + "*"
              }
            }
          });

          t.push({
            "Effect": "Allow",
            "Action": actions,
            "Resource": [
              "acs:oss:*:*:" + bucket + "/" + key + "*"
            ]
          });
        } else {
          //文件所有权限
          t.push({
            "Effect": "Allow",
            "Action": [
              "oss:ListObjects"
            ],
            "Resource": [
              "acs:oss:*:*:" + currentInfo.bucket,
            ],
            "Condition": {
              "StringLike": {
                "oss:Prefix": item.path
              }
            }
          });

          t.push({
            "Effect": "Allow",
            "Action": actions,
            "Resource": [
              "acs:oss:*:*:" + currentInfo.bucket + '/' + item.path
            ]
          });
        }

        return {
          "Version": "1",
          "Statement": t
        };
      }

      var policy;
      function policyChange(){
        var privType = $scope.grant.privType;
        policy = genPolicy(privType);
        $scope.grant.policy = JSON.stringify(policy,' ',2);

        // var name =  (Math.random()+'').substring(2);
        // name = $scope.item.name.replace(/[\W_]+/g,'-');
        // $scope.grant.policyName = name;
      }

      function onSubmit(form1) {
        if (!form1.$valid) return false;
        //var policyName= $scope.grant.policyName;
        var info = angular.copy($scope.grant);
        var item = angular.copy($scope.item);
        var region = item.region || currentInfo.region;
        var bucket = item.region? item.name: currentInfo.bucket;
        var key = item.path||'';
        var eptpl = ossSvs2.getOssEndpoint(region, bucket, AuthInfo.get().eptpl);

        //console.log(info)

        stsSvs.assumeRole(info.roleArn, info.policy, info.durSeconds).then(function(result){
          //console.log(result)

          $scope.origin_token = result;

          var credentials = angular.copy(result.Credentials);

          var tokenInfo = {
            id: credentials.AccessKeyId,
            secret: credentials.AccessKeySecret,
            stoken: credentials.SecurityToken,
            expiration: credentials.Expiration,
            region: region,
            osspath: 'oss://' + bucket + '/'+ key,
            privilege: info.privType,
            eptpl: eptpl
          }

          $scope.token = Buffer.from(JSON.stringify(tokenInfo)).toString('base64');

          $scope.message5.expiration = moment(new Date(result.Credentials.Expiration)).format('YYYY-MM-DD HH:mm:ss');
        },function(err){
          console.log(err)
        });



      }

    }
  ]);
